Wireshark LAN Monitoring HaganFox.net/NetSec Originally presented at

Slides:

Advertisements

Similar presentations

3 LAN Design Basics Computernetze 1 (CN1) Prof. Dr. Andreas Steffen

Advertisements

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 3 Ethernet Technologies/ Ethernet Switching/ TCP/IP Protocol Suite and IP Addressing.

Growing the Network © 2004 Cisco Systems, Inc. All rights reserved. Maximizing the Benefits of Switching INTRO v3.0—3-1.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

13.1 Chapter 13 Wired LANs: Ethernet Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Ethernet Network Fundamentals – Chapter 9.

Ethernet Frame PreambleDestination Address Source Address Length/ Type LLC/ Data Frame Check Sequence.

© 2002, Cisco Systems, Inc. All rights reserved..

Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,

Networking Components

NETWORKING COMPONENTS La’Trena Barrett CECS

Instructor & Todd Lammle

Introduction to IT and Communications Technology Justin Champion C208 – 3292 Ethernet Switching CE

1 CISCO NETWORKING ACADEMY PROGRAM (CNAP) SEMESTER 1/ MODULE 8 Ethernet Switching.

Network Devices.

1/28/2010 Network Plus Network Device Review. Physical Layer Devices Repeater –Repeats all signals or bits from one port to the other –Can be used extend.

VLAN V irtual L ocal A rea N etwork VLAN Network performance is a key factor in the productivity of an organization. One of the technologies used to.

Switches 1RD-CSY  In this lecture, we will learn about  Collision Domain and Microsegmentation  Switches – a layer two device ◦ MAC address.

N ETWORKING C OMPONENTS A-3 LTEC 4550 by Joe Garcia.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Exploring the Packet Delivery Process.

Internetworking Lecture # 2 Hassan Shuja 02/21/2006.

Chapter Overview Bridging Switching Routing.

Review: –Ethernet What is the MAC protocol in Ethernet? –CSMA/CD –Binary exponential backoff Is there any relationship between the minimum frame size and.

The switch is the backbone of nearly every network in use. It generally comprises of 4 to 64 ports. Each port on a switch operates in it’s own collision.

Campus Networking Best Practices Hervey Allen NSRC & University of Oregon Dale Smith University of Oregon & NSRC

Networks and Protocols CE Week 2a. Network hardware.

Day11 Devices/LAN/WAN. Network Devices Hub Switches Bridge Router Gateway.

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Local Area Networks.

Semester 3—LAN Switching Chapter 2 Objectives  By the end of this chapter we will be able to perform tasks related to: – Various LAN Communication Problems.

1 Network Administration Module 3 ARP/RARP. 2 Address Resolution The problem Physical networks use physical addresses, not IP addresses Need the physical.

Switches 1RD-CSY  In this lecture, we will learn about  Collision Domain and Microsegmentation  Switches – a layer two device ◦ MAC address.

Click to edit Master subtitle style

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.1 Module 8 Ethernet Switching Claes Larsen, CCAI.

A machine that acts as the central relay between computers on a network Low cost, low function machine usually operating at Layer 1 Ties together the.

S7C2 – Legacy Ethernet From the Old to the New. Legacy Ethernet Characteristics CSMA/CD Shared Bandwidth 10 Mbps Common Broadcast Physical Star Topology;

NET 324 D Networks and Communication Department Lec1 : Network Devices.

LAN Switching Concepts. Overview Ethernet networks used to be built using repeaters. When the performance of these networks began to suffer because too.

Chapter 11 Extending LANs 1. Distance limitations of LANs 2. Connecting multiple LANs together 3. Repeaters 4. Bridges 5. Filtering frame 6. Bridged network.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Ethernet Network Fundamentals – Chapter 9.

1. 2 It is a Physical layer device (Layer 1) It is Dummy Device It works with 0’s and 1’s (Bits) It works with broadcasting It works with shared bandwidth.

Planning and Implementing a Basic SOHO Network using Network Segmentation COMP 316.

Objectives After completing this chapter you will be able to: Describe the different types of bridging: Transparent, Source Route and Translate Describe.

Slide #1 CIT 380: Securing Computer Systems TCP/IP.

CCNA1 v3 Module 8 v3 CCNA 1 Module 8 JEOPARDY S Dow.

Instructor & Todd Lammle

Instructor Materials Chapter 5: Network Security and Monitoring

Chapter 2 Overview of Networking Components

LESSON 2.1_A Networking Fundamentals Understand Switches.

Instructor Materials Chapter 5: Ethernet

Networking Devices.

Local Area Networks Yiannos Mylonas.

Part III Datalink Layer 10.

Lab 2 – Hub/Switch Data Link Layer

Chapter 4 Data Link Layer Switching

Configuring EtherChannels and Switch Troubleshooting

Lab 2 – Hub/Switch Data Link Layer

Chapter 5: Network Security and Monitoring

Network Fundamentals – Chapter 9

Ethernet : Framing and Addressing

נכתב ונערך ע"י רס"ל אורטל מנשה, ר"צ אלקטרוניקה

Network Fundamentals – Chapter 9

CCNA Routing and Switching Scaling Networks v6.0

Network Fundamentals – Chapter 9

Network Fundamentals – Chapter 9

Chapter 15. Connecting Devices

Network Fundamentals – Chapter 9

OSI Reference Model Kashif Ishaq.

Network Fundamentals – Chapter 9

Network Fundamentals – Chapter 9

Network Fundamentals – Chapter 9

Presentation transcript:

Wireshark LAN Monitoring HaganFox.net/NetSec Originally presented at DeVry HackFest 2016-03-11 (with subsequent updates and improvements)

Wireshark and USB Creator Vocabulary Words OSI protocol stack * dmesg * dd * cat * partition table * master boot record * GPT * shared Ethernet * switched Ethernet * promiscuous mode * monitor mode * breakout tap * aggregating tap * hub * unmanaged switch * smart switch * managed switch * mirror port * frame * packet * SQ3R * --help * collision domain * half-duplex * full-duplex * block device * pseudo device * SPAN * Ephemeral port * Privileged port * broadcast * multicast * unicast * MAC Address * OUI * 3-Way Handshake * RST

IP Service Broadcast (one-to-all) Multicast (one-to-many) Hubs could only broadcast. Related topic: Promiscuous Mode Multicast (one-to-many) Special type of broadcast Only the ports interested in receiving the traffic Unicast (one-to-one) Port-to-port Full Duplex → bi-directional

Hubs and Switches Hubs Switches All broadcast Half-duplex Collision domain Switches Efficient Full-duplex

Switches Hide Packets You only see packets destined for the port you are sniffing on.

Sometimes written as TAP, for Taps Sometimes written as TAP, for Test Access Port

Taps Effective, but expensive Breakout vs Aggregating Potential point of failure Passively probe* (*) Sometimes passive taps allow injection of TCP resets.

Switches Enterprise: e.g. Cisco SPAN Ports SMB: Mirrored Ports (Switched Port Analyzer) SMB: Mirrored Ports

Types of Switches Unmanaged Low-end Smart Premium Smart Fully Managed Not helpful for sniffing Low-end Smart Helpful, Insecure Premium Smart Some security Features Fully Managed Powerful, with security features

Bandwidth Limitations Aggregating taps and mirror ports are two-into-one*. 2 (RX&TX) → 1 (only TX) Not a problem when your switch is Gigabit and your Internet connection Is 100 megabit. (*) or many-into-one for a monitoring port

Packets will reach... A Host Running Wireshark A Single Host (Learn.) A Single Host (Scrutinize a device.) → LAN Ingress / Egress Traffic ← (Watch for suspicious traffic going in and out.) All LAN Ports (It's too much and not necessary.)

Monitoring a Single Device

Monitoring Ingress / Egress Traffic

A Wireshark-Monitored LAN

Q & A

Wireshark LAN Monitoring HaganFox.net/NetSec